LISTING OF CLAIMS

1. (currently amended) A method for securely providing
data of a content provider to a user without trusting an
internet service provider, wherein said content provider and
said internet service provider are different entities, said
method comprising:

a. generating a first key known only to said content
provider;

b. encrypting a second key using said first key and
an encryption algorithm requiring a one-time password;

c. storing said encrypted second key on a client
machine; and

when said user desires to access said data:

d. decrypting said second encrypted key using said
first key; and

e. accessing said data using said second key.

2. (original) A method as recited in claim 1, further 
comprising the step of transmitting the identity of said 
client machine to said content provider to authenticate that 
said user is using said client machine, thereby permitting 
said data to be accessed only on said client machine. 
3. (original) A method as recited in claim 1, wherein
said one-time password is a unique user identifier and 
wherein said one-time password is transmitted out of band. 

4. (original) A method as recited in claim 1, wherein said 
second key is required in an algorithm that generates a 
session key which is used to decrypt said data. 

5. (currently amended) A method for securely providing
data of a content provider through an internet service
provider to a user without trusting an internet service
provider, wherein said content provider and said internet
service provider are different entities, said method
comprising:

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password and a 
separate user provided password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data:

d. decrypting said second encrypted key using said 
user provided password; and 

e. accessing said data using said second key. 
6. (original) A method as recited in claim 5, further
comprising the step of transmitting the identity of said 
client machine to said content provider to authenticate that 
said user is using said client machine, thereby permitting 
said data to be accessed only on said client machine. 

7. (original) A method as recited in claim 5, wherein 
said one-time password is a unique user identifier and 
wherein said one-time password is transmitted out of band. 

8. (original) A method as recited in claim 5, wherein said 
second key is required in an algorithm that generates a 
session key which is used to decrypt said data. 

9. (currently amended) In a communications network having
at least a content provider node and a plurality of client
machines, a method of authenticating a user seeking access
to secure data of said content provider, wherein said user
accesses said content provider through an internet service
provider and wherein said internet service provider and said
content provider are different entities, said method
comprising:

a. transmitting g^a and the identity of the user of
said one client machine to said content provider node,
wherein g and a are random numbers and where a is known only
to said client machine, and where g is known to both content
provider and said client machine;

b. generating g^b, where b is known only to said
content provider node;

c. encrypting g^b with a one-time password of said
user;

d. calculating g^(a*b) by said client machine using
said one-time password to decrypt said encrypted g^b; and

e. transmitting g^(a*b) to said content provider,
whereby said client machine's knowledge of g^(a*b)
authenticates said user to said content provider.

10. (original) A method as recited in claim 9, further 
comprising the step of transmitting the identity of a 
particular one of said client machines to said content 
provider to authenticate that said user is using said client 
machine, thereby permitting said data to be accessed only on 
said client machine. 

11. (original) A method as recited in claim 9, further
comprising the step of performing a method authenticated
code on g^(a*b) at said content provider and transmitting
the results of performing said method authenticated code to
said client, where said client machine verifies said results
to authenticate said content provider.
12. (currently amended) A program storage device readable
by a machine, tangibly embodying a program of instructions
executable by the machine to perform method steps for
securely providing data of a content provider to a user,
wherein data is transmitted to said user from said content
provider through an internet service provider and wherein
said content provider and internet service provider are
different entities, said method comprising:

a. generating a first key known only to said content
provider;

b. encrypting a second key using said first key and
an encryption algorithm requiring a one-time password; and

c. storing said encrypted second key on a client
machine; and

wherein, when said user desires to access said data:

said second encrypted key is decrypted using said first
key; and

said data is accessed using said second key.

13. (currently amended) A program storage device readable
by a machine, tangibly embodying a program of instructions
executable by the machine to perform method steps for
securely providing data of a content provider to a user,
wherein data is transmitted to said user from said content
provider through an internet service provider and wherein
said content provider and internet service provider are
different entities, said method comprising:

a. generating a first key known only to said content
provider;

b. encrypting a second key using said first key and
an encryption algorithm requiring a one-time password and a
separate user provided password; and

c. storing said encrypted second key on a client
machine;

wherein, when said user desires to access said data:

said second encrypted key is decrypted using said user
provided password; and

said data is accessed using said second key.



14. (currently amended) A program storage device readable
by machine, tangibly embodying a program of instructions
executable by the machine to perform method steps in a
communications network having at least a content provider
node and a plurality of client machines, said method steps
authenticating a user seeking access to secure data of said
content provider, wherein data is transmitted to said user
from said content provider through an internet service
provider and wherein said content provider and internet
service provider are different entities, said method steps
comprising:

a. transmitting g^a and the identity of the user of
said one client machine to said content provider node,
wherein g and a are random numbers and where a is known only
to said client machine, and where g is known to both content
provider and said client machine;

b. generating g^b, where b is known only to said
content provider node;

c. encrypting g^b with a one-time password of said
user;

d. calculating g^(a*b) by said client machine using
said one-time password to decrypt said encrypted g^b; and

e. transmitting g^(a*b) to said content provider,
whereby said client machine's knowledge of g^(a*b)
authenticates said user to said content provider.



15. (currently amended) A computer program product for
securely providing data of a content provider to a user
without first trusting an internet service provider, wherein
data is transmitted to said user from said content provider
through an internet service provider and wherein said
content provider and internet service provider are different
entities, said computer program product comprising:

a. first instruction means for generating a first key
known only to said content provider;

b. second instruction means for encrypting a second
key using said first key and an encryption algorithm
requiring a one-time password; and

c. third instruction means for storing said
encrypted second key on a client machine;

wherein when said user desires to access said data:

said second encrypted key is decrypted using said first
key; and

said data is accessed using said second key.

16. (currently amended) A computer program product for
securely providing data of a content provider to a user
without trusting an internet service provider, wherein data
is transmitted to said user from said content provider
through an internet service provider and wherein said
content provider and internet service provider are different
entities, said computer program product comprising:

a. first instruction means for generating a first key
known only to said content provider;

b. second instruction means for encrypting a second
key using said first key and an encryption algorithm
requiring a one-time password and a separate user provided
password; and

c. third instruction means for storing said encrypted
second key on a client machine;

wherein when said user desires to access said data:

said second encrypted key is decrypted using said user
provided password; and

said data is accessed using said second key.

17. (currently amended) A computer program product for use
in a communications network having at least a content
provider node and a plurality of client machines, said
computer program for authenticating a user seeking access to
secure data of said content provider, wherein data are
transmitted to said user from said content provider through
an internet service provider and wherein said content
provider and internet service provider are different
entities, said computer program product comprising:

a. transmitting g^a and the identity of the user of
said one client machine to said content provider node,
wherein g and a are random numbers and where a is known only
to said client machine, and where g is known to both content
provider and said client machine;

b. generating g^b, where b is known only to said
content provider node;

c. encrypting g^b with a one-time password of said
user;

d. calculating g^(a*b) by said client machine using
said one-time password to decrypt said encrypted g^b; and

e. transmitting g^(a*b) to said content provider,
whereby said client machine's knowledge of g^(a*b)
authenticates said user to said content provider.
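The following is an added worked example, not part of the claims listing or of the applicant's own implementation. It models in one script both mechanisms the claims describe: the key wrapping of claims 1-4 (and their device and product restatements in claims 12, 13, 15 and 16), where a second key is encrypted under the content provider's first key by an algorithm that also requires the one-time password, and the exchange of claims 9-11 (restated in claims 14 and 17), where g^b is sent to the client encrypted under the user's one-time password and the client's knowledge of g^(a*b) authenticates the user. Everything not stated in the claims is an assumption made here: the HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag standing in for "an encryption algorithm", the 127-bit Mersenne-prime group (far too small for real use), the session-key derivation of claim 4 as an HMAC, and the choice of the one-time password as the key for the claim 11 message authentication step.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _derive(key: bytes, otp: bytes, label: bytes) -> bytes:
    """Mix a long-term key with the one-time password into a labelled subkey."""
    return hmac.new(key + b"|" + otp, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a toy keystream generator (assumption)."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def otp_encrypt(key: bytes, otp: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the result can only be opened with both key and OTP."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_derive(key, otp, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(key, otp, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def otp_decrypt(key: bytes, otp: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key/OTP or tampering is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(key, otp, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < NONCE_LEN + TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key/OTP or tampered ciphertext")
    stream = _keystream(_derive(key, otp, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


# Claims 1-4: the provider wraps a second key under (first key, OTP) for client storage.
def provision_client(first_key: bytes, otp: bytes) -> tuple:
    """Steps a-c: returns (second_key, wrapped blob to store on the client machine)."""
    second_key = secrets.token_bytes(32)
    return second_key, otp_encrypt(first_key, otp, second_key)


def unwrap_second_key(first_key: bytes, otp: bytes, stored_blob: bytes) -> bytes:
    """Step d, at access time: recover the second key from the stored blob."""
    return otp_decrypt(first_key, otp, stored_blob)


def session_key(second_key: bytes, context: bytes) -> bytes:
    """Claim 4: the second key feeds an algorithm that yields the data session key."""
    return hmac.new(second_key, b"session|" + context, hashlib.sha256).digest()


# Claims 9-11: Diffie-Hellman where g^b reaches the client encrypted under the OTP.
P = (1 << 127) - 1  # Mersenne prime M127: a toy group, far too small for real use


def _rand_exponent() -> int:
    return secrets.randbelow(P - 3) + 2


def _to_bytes(x: int) -> bytes:
    return x.to_bytes(16, "big")


def client_step_a(g: int) -> tuple:
    """Client picks a and sends g^a (with the user's identity) to the provider."""
    a = _rand_exponent()
    return a, pow(g, a, P)


def provider_steps_b_c(g: int, otp: bytes) -> tuple:
    """Provider picks b, computes g^b and encrypts it with the user's OTP."""
    b = _rand_exponent()
    return b, otp_encrypt(b"", otp, _to_bytes(pow(g, b, P)))


def client_step_d(a: int, otp: bytes, enc_gb: bytes) -> int:
    """Client decrypts g^b with the OTP and computes g^(a*b) = (g^b)^a."""
    gb = int.from_bytes(otp_decrypt(b"", otp, enc_gb), "big")
    return pow(gb, a, P)


def provider_step_e(ga: int, b: int, claimed_gab: int) -> bool:
    """Provider compares the client's g^(a*b) with (g^a)^b; only an OTP holder can match."""
    if not 0 <= claimed_gab < P:
        return False
    return hmac.compare_digest(_to_bytes(pow(ga, b, P)), _to_bytes(claimed_gab))


def provider_mac(otp: bytes, gab: int) -> bytes:
    """Claim 11: provider MACs g^(a*b) for the client; keying with the OTP is an assumption."""
    return hmac.new(otp, _to_bytes(gab), hashlib.sha256).digest()


def run_authentication(otp: bytes, client_otp=None) -> bool:
    """Full exchange; `client_otp` lets a caller model a client holding the wrong OTP."""
    client_otp = otp if client_otp is None else client_otp
    g = _rand_exponent()  # per claim 9, g is a random number known to both sides
    a, ga = client_step_a(g)
    b, enc_gb = provider_steps_b_c(g, otp)
    try:
        gab = client_step_d(a, client_otp, enc_gb)
    except ValueError:  # OTP mismatch: the client cannot recover g^b
        return False
    user_ok = provider_step_e(ga, b, gab)  # step e: user authenticated to provider
    provider_ok = hmac.compare_digest(provider_mac(client_otp, gab), provider_mac(otp, gab))
    return user_ok and provider_ok  # claim 11: client also verifies the provider
```

Running `run_authentication(b"OTP-12345")` returns True, while a client holding a different one-time password fails at step d because the tag on the encrypted g^b does not verify, so it never learns g^b and cannot produce g^(a*b). The same `otp_encrypt` is what `provision_client` uses to wrap the second key, which is why both claim families share one helper here.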